DETAILED DESCRIPTION

[Detailed Description of the Invention] 

[0001]

[Field of the Invention] This invention relates to a user's use control system, a user's use
control method, and a user's use control program, and in particular to an invention for
raising the convenience of users and others.

[0002]

[Description of the Prior Art] Conventionally, companies, government and municipal
offices, and similar organizations have set up what is called an intranet within the
organization, shared information among their members through user terminals connected
to it, and thereby improved the efficiency of their business.

[0003] When an intranet is used in this way, for example with a database, techniques such
as user authentication are generally used to judge whether access may be permitted to the
user who has requested it. When such authentication is called for, each user inputs User
Information such as a password from a user terminal.

[0004] To raise security, such a password becomes so long that an individual cannot
reliably memorize and input it. It is therefore conceivable to use portable information
storage media, such as a smart card of the kind used as a banking card, a credit card, a
point card, a prepaid card, etc.

[0005] Each user stores User Information in this portable information storage medium
beforehand and inserts the medium in the card reading device connected to the user
terminal. This makes it possible to perform personal authentication without inputting,
one by one from an input device, the User Information required to access information.

[0006] However, when predetermined User Information is stored in such a portable
information storage medium, the possibility that the User Information will in turn be read
out of the portable information storage medium cannot be ruled out entirely. And if User
Information is obtained from a portable information storage medium, unauthorized access
becomes possible.

[0007] Therefore, in conventional user's use control systems that perform personal
authentication etc. of the user of a user terminal using such a portable information
storage medium, it is common for each medium to be provided to the user together with a
program that uses commands according to its own original standard.

[0008]

[Problem(s) to be Solved by the Invention] Since each portable information storage medium
has been provided as a set with a program that accesses it by commands according to its
own original standard, as mentioned above, portable information storage media developed
in this way have the following inconveniences for the user.

[0009] A user who uses two or more independently developed programs has to carry the two
or more portable information storage media prepared for the respective programs and,
when using each program, swap the portable information storage medium inserted in the
user terminal.

[0010] In particular, a program that uses such a portable information storage medium
monitors insertion and removal of the medium, etc., in order to forbid double use of the
medium at two or more user terminals. And each program used on a user terminal uses its
own portable information storage medium based on its own security conditions. Therefore,
even when a single user terminal is used, if the user swaps the portable information
storage medium inserted in the card reading device in order to use a new program, the
program used until then becomes unusable in almost all cases. That is, the user cannot
use two or more of the above-mentioned programs simultaneously.

[0011] To remove this inconvenience for the user, it is conceivable to store User
Information of two or more programs in one portable information storage medium.

[0012] However, when User Information of two or more programs is to be stored in one
portable information storage medium in this way, each program in turn has to support two
or more kinds and standards of portable information storage medium, and an increased
development load on program developers, a longer development cycle, etc. become
problems.

[0013] This invention aims to obtain a user's use control system, a user's use control
method, and a user's use control program in which, although User Information is stored in
a portable information storage medium, the program using that User Information can read
desired User Information from the medium without being aware of the kind and standard of
the medium, thereby pursuing the convenience of both users and program developers.

[0014]

[Means for Solving the Problem] To solve the above-mentioned technical problem, the
user's use control system of this invention is a user's use control system that is built
into a user terminal and manages the execution and/or various kinds of processing of
programs using User Information stored in a portable information storage medium. It has a
portable information storage medium that stores each item of User Information with a
mutually different identification number attached, and a User Information reading means
that converts a User Information read-out demand command from the above-mentioned
program, which specifies the above-mentioned identification number, into a demand
command that the portable information storage medium can process, and then performs
read-out processing on the portable information storage medium.

[0015] With this composition, a User Information read-out demand command output from a
program is converted by the User Information reading means into a demand command that
the portable information storage medium can process, and User Information can be read
from the portable information storage medium using the converted demand command.

[0016] Therefore, although User Information is stored in a portable information storage
medium, the program using that User Information can read desired User Information from
the medium without being aware of the kind and standard of the medium. As a result, even
if the above-mentioned program is to run with two or more portable information storage
media, the program developer only has to write one program, and neither an increase in
development load nor a longer development cycle results.

[0017] And since each program can be made to run with two or more portable information
storage media in this way, for the user, the User Information used by two or more
programs, each of which was provided with its own medium, can be stored in one portable
information storage medium; insertion and removal of the card and simultaneous use of two
or more programs become possible, which is very convenient.

[0018] The user's use control system of this invention has a correspondence table that
stores, in association with each User Information read-out demand command from a
program, a read-out demand command according to the kind of said portable information
storage medium, and said User Information reading means generates a demand command that
said portable information storage medium can process based on this correspondence table.

[0019] With this composition, the User Information reading means can convert a User
Information read-out demand command output from a program into a demand command
according to the kind and standard of each portable information storage medium. In
particular, by providing a correspondence table in this way, it becomes possible not only
to replace one command with another but also to make two or more demand commands
correspond to one demand command before conversion.

[0020] This allows the kinds of demand command used by each program to be set without
being bound by the kinds of command according to two or more standards, so the demand
commands used by each program can be defined independently while still corresponding to
the commands according to two or more standards. As a result, commands that are easy for
program developers to use can be provided, and development efficiency can also be
raised.

[0021] In the user's use control system of this invention, said correspondence table is a
table that associates with the User Information read-out demand command from each program
a command used in common across two or more kinds or standards of portable information
storage medium, and additionally associates with that common command a command used only
in some kinds or standards. A judging means that judges the kind or standard of said
portable information storage medium and a memory measure that stores the decision result
of the judging means are provided, and said User Information reading means generates a
demand command corresponding to the kind or standard of the portable information storage
medium based on said decision result.

[0022] With this composition, the correspondence table can be one in which the commands
of two or more standards are consolidated under each demand command according to
standard that is used in common across two or more portable information storage media. A
demand command according to a predetermined standard can then be generated by adding, to
the common command, the command used only in some kinds or standards.

[0023] And since the commands of two or more kinds and standards are consolidated under
each commonly used demand command according to standard, the data volume of the
correspondence table can be reduced by that amount, so improved convenience for users and
program developers and a smaller correspondence table can both be achieved.
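The conversion described in paragraphs [0018] to [0023], sketched as an added example that is not part of the patent text: one program-side request is expanded from a correspondence table into the command sequence for the judged card kind. The command strings, card kinds, identity-number prefixes, the `GET_CARD_ID` request and the `FakeCard` stand-in are all constructed for illustration.

```python
# Added illustration: command strings, card kinds and ID prefixes are constructed,
# not taken from any real card standard.
KIND_BY_ID_PREFIX = {"A1": "kind-A", "B7": "kind-B"}

# Correspondence table: program command -> (commands common to every kind,
#                                           commands added only for some kinds).
CORRESPONDENCE_TABLE = {
    "READ_USER_INFO": (
        ["SELECT {id:02X}", "READ {id:02X}"],
        {"kind-A": [], "kind-B": ["FETCH_RESULT"]},
    ),
}


def translate(program_command: str, ident: int, kind: str) -> list[str]:
    """Build the card-specific command sequence for one program request."""
    try:
        common, extras = CORRESPONDENCE_TABLE[program_command]
        extra = extras[kind]
    except KeyError:
        raise ValueError(f"no mapping for {program_command!r} on {kind!r}") from None
    return [template.format(id=ident) for template in common + extra]


class FakeCard:
    """Stand-in card: kind-A answers READ directly, kind-B only after FETCH_RESULT."""

    def __init__(self, card_id: str, files: dict[int, bytes]):
        self.card_id, self.files = card_id, files
        self.kind = KIND_BY_ID_PREFIX.get(card_id[:2])
        self._selected = None
        self._pending = None

    def send(self, command: str) -> bytes:
        op, _, arg = command.partition(" ")
        if op == "GET_CARD_ID":
            return self.card_id.encode()
        if op == "SELECT":
            self._selected = int(arg, 16)
            return b""
        if op == "READ" and self._selected == int(arg, 16) and self._selected in self.files:
            data = self.files[self._selected]
            if self.kind == "kind-A":
                return data
            self._pending = data          # kind-B hands data over in a second step
            return b""
        if op == "FETCH_RESULT" and self.kind == "kind-B" and self._pending is not None:
            data, self._pending = self._pending, None
            return data
        raise ValueError(f"card rejected {command!r}")


class UserInfoReader:
    """User Information reading means: judges the card kind once, then translates."""

    def __init__(self, card):
        self._card = card
        self._kind = None                 # cached decision result of the judging step

    def kind(self) -> str:
        if self._kind is None:
            prefix = self._card.send("GET_CARD_ID").decode()[:2]
            if prefix not in KIND_BY_ID_PREFIX:
                # Fail closed: never guess a command set for an unrecognised card.
                raise ValueError("unknown card kind")
            self._kind = KIND_BY_ID_PREFIX[prefix]
        return self._kind

    def read_user_info(self, ident: int) -> bytes:
        reply = b""
        for command in translate("READ_USER_INFO", ident, self.kind()):
            reply = self._card.send(command)
        return reply                      # the last command carries the data
```

The calling program issues the same `read_user_info(0x21)` for either card; only the table row and the judged kind differ.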

[0024] The user's use control system of this invention is provided with a memory measure
that stores a list of the programs that have output a User Information read-out demand
command; said judging means periodically monitors whether said portable information
storage medium is accessible and, if access becomes impossible, stops each program based
on the above-mentioned list.

[0025] With this composition, User Information used by two or more programs is stored in
one portable information storage medium to raise the user's convenience, and yet, if the
portable information storage medium is removed and access becomes impossible, the two or
more programs currently being executed can be forcibly stopped, so the same security as
with a conventional portable information storage medium can be secured.

[0026] And since each program need not itself monitor the portable information storage
medium even when two or more programs are used simultaneously, the system memory used for
program execution is not wasted.
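The monitoring behaviour of paragraphs [0024] to [0026], as an added example that is not part of the patent text: a single watchdog keeps the list of programs that requested User Information and stops all of them when the card stops answering. The `probe` callable and the per-program `stop` callables are hypothetical hooks a real terminal would supply.

```python
import threading


class CardWatchdog:
    """Tracks programs that requested User Information and stops them on card loss."""

    def __init__(self, probe):
        self._probe = probe      # hypothetical callable: True while the card answers
        self._programs = {}      # program name -> callable that stops it (the list)
        self._lock = threading.Lock()

    def note_read_request(self, name, stop):
        """Record a program when it issues a User Information read-out request."""
        with self._lock:
            self._programs[name] = stop

    def poll(self):
        """One monitoring pass; returns (stopped, failed) lists of program names."""
        try:
            accessible = bool(self._probe())
        except Exception:
            accessible = False   # fail closed: a probe error counts as "card gone"
        if accessible:
            return [], []
        with self._lock:
            programs, self._programs = self._programs, {}
        stopped, failed = [], []
        for name, stop in programs.items():
            try:
                stop()
                stopped.append(name)
            except Exception:
                # Keep going so one misbehaving program cannot shield the others;
                # report it so the caller can escalate.
                failed.append(name)
        return stopped, failed

    def run(self, interval, halt):
        """Poll every `interval` seconds until the threading.Event `halt` is set."""
        while not halt.wait(interval):
            self.poll()
```

Programs in the `failed` list are still running after card removal, so a caller should treat a non-empty list as an event to log and act on.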

[0027] The user's use control system of this invention is a user's use control system
that is built into a user terminal and manages the execution and/or various kinds of
processing of programs using User Information stored in a portable information storage
medium. It has a memory measure that stores a list of the programs using the
above-mentioned User Information, and a judging means that periodically monitors whether
the above-mentioned portable information storage medium is accessible and, if access
becomes impossible, stops each program based on the above-mentioned list.

[0028] With this composition, User Information used by two or more programs is stored in
one portable information storage medium to raise the user's convenience, and yet, if the
portable information storage medium is removed and access becomes impossible, the two or
more programs currently being executed can be forcibly stopped, so the same security as
with a conventional portable information storage medium can be secured.

[0029] And since each program need not itself monitor the portable information storage
medium even when two or more programs are used simultaneously, the system memory used for
program execution is not wasted.

[0030] In the user's use control method of this invention, various kinds of User
Information used at a user terminal are stored in a portable information storage medium,
a read-out demand command for that User Information output from a program executed on the
user terminal is converted into a demand command that the above-mentioned portable
information storage medium can process, and User Information read-out processing from the
above-mentioned portable information storage medium is then performed using the converted
demand command.

[0031] With this method, a User Information read-out demand command output from a
program is converted by the User Information reading means into a demand command that
the portable information storage medium can process, and User Information can be read
from the portable information storage medium using the converted demand command.

[0032] Therefore, although User Information is stored in a portable information storage
medium, the program using that User Information can read desired User Information from
the medium without being aware of the kind and standard of the medium. As a result, even
if the above-mentioned program is to run with two or more portable information storage
media, the program developer only has to write one program, and neither an increase in
development load nor a longer development cycle results.

[0033] And since each program can be made to run with two or more portable information
storage media in this way, for the user, the User Information used by two or more
programs, each of which was provided with its own medium, can be stored in one portable
information storage medium; insertion and removal of the card and simultaneous use of two
or more programs become possible, which is very convenient.

[0034] In the user's use control method of this invention, a memory measure is made to
store a list of the programs using User Information stored in a portable information
storage medium, whether the above-mentioned portable information storage medium is
accessible is monitored periodically, and if access becomes impossible, each program is
stopped based on the above-mentioned list.

[0035] With this method, User Information used by two or more programs is stored in one
portable information storage medium to raise the user's convenience, and yet, if the
portable information storage medium is removed and access becomes impossible, the two or
more programs currently being executed can be forcibly stopped, so the same security as
with a conventional portable information storage medium can be secured.

[0036] And since each program need not itself monitor the portable information storage
medium even when two or more programs are used simultaneously, the system memory used for
program execution is not wasted.

[0037] The user's use control program of this invention is a user's use control program
that is installed in a user terminal and reads various kinds of User Information used at
the user terminal from a portable information storage medium. It has a step of converting
a read-out demand command for that User Information, output from a program executed on
the user terminal, into a demand command that the above-mentioned portable information
storage medium can process, and a step of performing User Information read-out processing
from the above-mentioned portable information storage medium using the converted demand
command.

[0038] With this composition, a User Information read-out demand command output from a
program is converted by the User Information reading means into a demand command that
the portable information storage medium can process, and User Information can be read
from the portable information storage medium using the converted demand command.

[0039] Therefore, although User Information is stored in a portable information storage
medium, the program using that User Information can read desired User Information from
the medium without being aware of the kind and standard of the medium. As a result, even
if the above-mentioned program is to run with two or more portable information storage
media, the program developer only has to write one program, and neither an increase in
development load nor a longer development cycle results.

[0040] And since each program can be made to run with two or more portable information
storage media in this way, for the user, the User Information used by two or more
programs, each of which was provided with its own medium, can be stored in one portable
information storage medium; insertion and removal of the card and simultaneous use of two
or more programs become possible, which is very convenient.

[0041] The user's use control program of this invention is a user's use control program
that is installed in a user terminal and reads various kinds of User Information used at
the user terminal from a portable information storage medium. It has a step of making a
memory measure store a list of the programs using User Information stored in the
above-mentioned portable information storage medium, and a step of periodically
monitoring whether the above-mentioned portable information storage medium is accessible
and, if access becomes impossible, stopping each program based on the above-mentioned
list.

[0042] With this composition, User Information used by two or more programs is stored in
one portable information storage medium to raise the user's convenience, and yet, if the
portable information storage medium is removed and access becomes impossible, the two or
more programs currently being executed can be forcibly stopped, so the same security as
with a conventional portable information storage medium can be secured.

[0043] And since each program need not itself monitor the portable information storage
medium even when two or more programs are used simultaneously, the system memory used for
program execution is not wasted.

[0044]

[Embodiment of the Invention] The user's use control system and user's use control
program according to an embodiment of the invention are explained based on the figures.
Although the various programs, such as the user's use control program, are generally
provided to each user on a computer-readable recording medium on which the program is
recorded, this embodiment is explained on the assumption that the program recorded on
that recording medium has already been installed in the program store part 15 of the
user's use control system.

[0045] Drawing 1 is a system configuration figure showing an example of the user's use
control system according to embodiment 1 of the invention.

[0046] The user's use control system of this invention is provided with the card type
information storage medium 1 as a portable information storage medium such as a smart
card, the user terminal 3 provided with the card reading device 2 into and from which
this card type information storage medium 1 is inserted and removed, the network 4
connected to this user terminal 3, and the databases 5 and 6, which are connected to this
network 4 and hold various kinds of data. These databases 5 and 6 store, for example,
open data such as a homepage, or store closed data, such as highly confidential
information or operating data, to which only some users are permitted access. In
particular, in the case of closed data, user authentication is performed when there is
access from the user terminal 3.

[0047] The network 4 has the Internet 7 as an open network, the intranet 9, which
accesses the Internet 7 via the firewall 8 and to which one database 5 is connected, and
the intranet 11, which accesses the Internet 7 via the firewall 10 and to which the other
database 6 and the user terminal 3 are connected. When there is an access request from
the Internet 7, each of the firewalls 8 and 10 generally performs user authentication and
the like, and is configured to permit access to the intranet 7 if the requester is an
authorized person.

[0048] The user terminal 3 has the central processing unit (CPU: Central Processing Unit)
12, which mainly performs various kinds of data processing and control management based
on programs; the system memory 13, which the central processing unit 12 uses when
executing a program; the timer 14, which issues a timer interrupt to the central
processing unit 12 at the time set by the central processing unit 12; the storage device
17, which is provided with the program store part 15 storing the above-mentioned programs
and the data storage part (memory measure) 16 storing various kinds of data used when the
programs are executed; and the system bus 18, which connects these to one another.

[0049] In this user terminal 3, the peripheral equipment interface part (peripheral
equipment I/F part) 19 is further connected to the system bus 18, and various kinds of
peripheral devices, such as the input device 20, the display device 21, the print device
22, the communication device 23, and the card reading device 2, are connected to this
peripheral equipment interface part 19. The communication device 23 is directly connected
to the intranet 11.

[0050] Drawing 2 is a circuit block figure showing an example of the card type
information storage medium 1 in the user's use control system of drawing 1.

[0051] The card type information storage medium 1 has the central processing unit (CPU)
24, which performs various kinds of data processing and control management based on
programs; the system memory 25, which the central processing unit 24 uses when executing
a program; the card memory 28, which is provided with the program store part 26 storing
the above-mentioned programs and the data storage part 27 storing various kinds of data
used when the programs are executed; and the system bus 29, which connects these to one
another. The card I/F part 30, which is directly connected with the card reading device 2
when the card is inserted, is connected to the above-mentioned central processing unit
24. Although this embodiment is explained using as an example a contact-type smart card
inserted in the card reading device 2, any portable information storage medium offers the
same convenience, even a smart card of a noncontact type.

[0052] The data input/output control program 31, the standard command execution program
32, the encryption program 33, and the other programs that the central processing unit 24
executes are stored in the program store part 26. Although the encryption program 33 may
be executed by the central processing unit 24 in this way, to raise security further, a
cipher-processing device that performs the data processing may be provided separately,
independently of the central processing unit 24, so that encryption and decryption
processing are performed there by dedicated arithmetic logic specialized for encryption.

[0053] The data input/output control program 31 is read into the system memory 25 based
on a session setup request transmitted from the central processing unit 12 of the user
terminal 3 to the card I/F part 30 through the system bus 18, the peripheral equipment
I/F part 19, and the card reading device 2, and is executed by the central processing
unit 24. The central processing unit 24 executing this data input/output control program
31 receives a command according to standard from the central processing unit 12 of the
user terminal 3, and returns the result of executing that command to the central
processing unit 12. After this response, execution ends and the session is released.

[0054] The standard command execution program 32 is read into the system memory 25 upon
reception of the above-mentioned command according to standard, and is executed by the
central processing unit 24. The central processing unit 24 executing this standard
command execution program 32 executes the command according to standard and, through that
execution, performs processing such as reading predetermined data from the data storage
part 27.

[0055] The encryption program 33 is read into the system memory 25 and executed by the
central processing unit 24 when encryption or decryption processing is carried out. In
this way, various kinds of User Information can be encrypted and stored in the data
storage part 27, and can further be decrypted and used at the user terminal 3.

[0056] Incidentally, as indicated by the name "standard command execution program" rather
than simply "command execution program", many standards exist for the card type
information storage medium 1 according to its use. For example, there are standards
established by banks to provide their services, standards established by credit companies
to provide their services, and standards established by government and municipal offices
to provide their services. Companies that provide security within a company or on a
network have also established their own standards. By establishing its own standard in
this way, each company can provide a User Information management service with higher
safety.

[0057] Therefore, the various application (AP) programs using these services must usually
transmit a different command for every standard (a command according to standard) to the
card type information storage medium 1, and thereby acquire predetermined User
Information.

[0058] The data storage part 27 stores, along with the card identity number 34 etc.,
various kinds of User Information used at the above-mentioned user terminal 3 and
elsewhere, such as the network login information 35, the database login information 36,
the client login information 37, the electronic money information 38, the user
identification information 39, the user terminal login information 40, the dial-up
information 41, and others.

[0059] This card identity number 34 is a unique number according to the card vendor that
provides the card type information storage medium 1, the kind of card within that vendor,
etc. From it, the kind and the corresponding standard of the card type information
storage medium 1 can be judged.
[0060] Drawing 3 is an explanatory view showing an example of the data mapping of the
data storage part 27 in the card type information storage medium 1 of drawing 2.

[0061] The data storage part 27 consists of the management domain 42 of one master file,
set from the head position, and the management domains 43 of two or more dedicated files.
Each of the management domains 42 and 43 is set as a contiguous area on the data storage
part 27.

[0062] In the management domain 42 of the master file, the master file 44 (the portion
enclosed in [ ] that begins with "MF tag number" in the management domain 42 in drawing
3) is stored at the head position, and one or more elementary files 45 (the portions
enclosed in [ ] that begin with "EF tag number" in the management domain 42 in drawing 3)
are stored after it.

[0063] In the management domain 43 of each dedicated file, the dedicated file 46 (the
portion enclosed in [ ] that begins with "DF tag number" in the management domain 43 in
drawing 3) is stored at the head position, and one or more elementary files 47 (the
portions enclosed in [ ] that begin with "EF tag number" in the management domain 43 in
drawing 3) are stored after it. As described later, each item of the above-mentioned User
Information is stored in the data field of an elementary file 47 stored in the management
domain 43 of a dedicated file.

[0064] The data mapping method of the data storage part 27 is explained using drawing 4.

[0065] According to this embodiment, as shown in drawing 4 (A), the data storage part 27
is divided into and managed as the management domain 42 of one master file and the
management domains 43 of two or more dedicated files.

[0066] The management domain 42 of the master file is set as an area including the head
position of the data storage part 27, and the management domains 43 of the dedicated
files are each defined, in the remaining area, as one contiguous address space of a
predetermined data size. For example, when single sign-in (enabling use of all the
programs of a user terminal 3 with one ID) is to be realized at every one of two or more
user terminals 3, it suffices to form as many dedicated-file management domains 43 as
there are user terminals 3 into and from which the card type information storage medium 1
is inserted and removed. In drawing 4, single sign-in can be realized at eight user
terminals 3.

[0067] In the management domain 42 of the master file, the master file 44 (written as
[MF] in drawing 4 (A)) is stored at the head position, and various kinds of elementary
files 45 (written as [EF]) are stored following it. In the management domain 43 of each
dedicated file, the dedicated file 46 (written as [DF]) is stored at the head position,
and various kinds of elementary files 47 (written as [EF]) are stored following it.

[0068] The master file [MF] 44 consists of a tag field, a size field, and a data field,
as shown in drawing 4 (B). A specific tag number defined beforehand based on the standard
of the card type information storage medium 1, etc. is assigned to the tag field of the
master file [MF] 44. The data field of the master file [MF] 44 stores, for example, the
names (tag-field values) of all the dedicated files [DF] 46 provided in the card type
information storage medium 1. The size field stores a value according to the size of this
data field, such as its number of bytes or number of bits.

[0069] The dedicated file [DF] 46 consists of a tag field, a size field, and a data
field, as shown in drawing 4 (C). A tag number with a mutually different value unique to
each file is assigned to the tag field of the dedicated file [DF] 46. This value is also
made different from the tag number in the tag field of the above-mentioned master file
44. The data field of the dedicated file [DF] 46 stores, for example, the password
required in order to access the elementary files [EF] 47 in the management domain 43 of
that dedicated file.

[0070] The elementary files [EF] 45 and 47 consist of a tag field, a size field, and a
data field, as shown in drawing 4 (D). A tag number with a mutually different value
unique to each file is assigned to the tag field of the elementary files [EF] 45 and 47.
This value is made different from the value of the tag number of the above-mentioned
master file 44 and the value of the tag number of the above-mentioned dedicated file 46,
and is unique for every item of User Information. When two or more items of User
Information are used in one program, the value is unique for every item of User
Information.

[0071] In the data field of the elementary files [EF] 45 and 47, when the file is stored
in the management domain 43 of a dedicated file, the User Information itself or an
encrypted form of it is stored; when the file is stored in the management domain 42 of
the master file, the data for managing the whole card, such as the card identity number,
is stored as it is or in encrypted form.

[0072]Thus, in the card type information storage medium 1 of this embodiment, a peculiar
tag number is matched to each item, and each User Information and the card identity
number are managed as separate files (elementary files [EF] 47). Each file (elementary
file [EF] 47) is classified, for every group of application AP programs 49, 50, and 51
(refer to drawing 5) that are to be executed with one password input, or for every user
terminal 3, into a field (management domain 43 of a dedicated file) to which access is
controlled by one password.

[0073]In order to read predetermined User Information from the card type information
storage medium 1 in which data is mapped in this way, the central processing unit 24 is
basically first made to locate the management domain 43 of the dedicated file which
stores the User Information concerned. Next, it is made to compare the password stored
in the dedicated file [DF] 46 concerned, and after the password is found to be in
agreement, it is made to choose the elementary file [EF] 47 which stores the
above-mentioned User Information and then to read the above-mentioned User Information
from the data field of the elementary file 47.
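
The read procedure of paragraphs [0068] to [0073], as an added Python example that is not part of the patent text: a card model that parses tag/size/data files and releases an elementary file only after the password held in the dedicated file matches. The one-byte tag and size fields, every tag value, the password and the stored strings are constructed assumptions.

```python
import hmac

# Constructed values. The 1-byte tag field and 1-byte size field are assumptions;
# the page only says each file has a tag field, a size field and a data field.
MF_TAG = 0x3F
DF_SSO_TAG = 0x50
EF_CARD_ID_TAG = 0x01
EF_NET_LOGIN_TAG = 0x11
EF_DB_LOGIN_TAG = 0x12


def encode_file(tag, data):
    """Encode one file as tag field, size field, data field."""
    if len(data) > 0xFF:
        raise ValueError("data field too long for a 1-byte size field")
    return bytes([tag, len(data)]) + data


def parse_domain(raw):
    """Split a management domain into (tag, data) files, rejecting truncated input."""
    files, pos = [], 0
    while pos < len(raw):
        if pos + 2 > len(raw):
            raise ValueError("truncated tag/size header")
        tag, size = raw[pos], raw[pos + 1]
        end = pos + 2 + size
        if end > len(raw):
            raise ValueError("size field runs past the end of the domain")
        files.append((tag, raw[pos + 2:end]))
        pos = end
    return files


class CardModel:
    """Card-side view: one MF domain plus one domain per dedicated file."""

    def __init__(self, mf_domain, df_domains):
        self.mf_domain = mf_domain
        self.df_domains = df_domains  # DF tag -> raw bytes of that DF's domain

    def read_user_info(self, df_tag, password, ef_tag):
        # Step 1: the MF heads its domain and its data field lists every DF tag.
        head_tag, df_list = parse_domain(self.mf_domain)[0]
        if head_tag != MF_TAG or df_tag not in df_list:
            raise LookupError("no such dedicated file on this card")
        # Step 2: the DF heads its own domain; its data field holds the password.
        df_files = parse_domain(self.df_domains[df_tag])
        df_head_tag, stored_password = df_files[0]
        if df_head_tag != df_tag:
            raise ValueError("domain does not start with the expected dedicated file")
        if not hmac.compare_digest(stored_password, password):
            raise PermissionError("password mismatch")
        # Step 3: only after the password matches is the EF selected and read.
        for tag, data in df_files[1:]:
            if tag == ef_tag:
                return data
        raise LookupError("no such elementary file in this dedicated file")


def build_sample_card():
    """Constructed card: one DF guarding two pieces of User Information."""
    mf_domain = (encode_file(MF_TAG, bytes([DF_SSO_TAG]))
                 + encode_file(EF_CARD_ID_TAG, b"CARD-0001"))
    df_domain = (encode_file(DF_SSO_TAG, b"sso-pass")
                 + encode_file(EF_NET_LOGIN_TAG, b"alice:net-secret")
                 + encode_file(EF_DB_LOGIN_TAG, b"alice:db-secret"))
    return CardModel(mf_domain, {DF_SSO_TAG: df_domain})


if __name__ == "__main__":
    card = build_sample_card()
    print(card.read_user_info(DF_SSO_TAG, b"sso-pass", EF_NET_LOGIN_TAG))
```

Because one password guards the whole dedicated-file domain, every elementary file in that domain is exposed by the same comparison.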

[0074]Drawing 5 is an explanatory view showing the example of composition of the
program store part 15 in the user's use control system of drawing 1.

[0075]The program store part 15 of this storage device 17 stores, as programs installed
from a recording medium not shown in the drawings, the operating system program (OS
program) 48 and, executed by the central processing unit 12 under management of this OS
program 48, the communication application application program (communication
application AP program) 49, the client application application program (client
application AP program) 50, the electronic commerce application application program
(electronic commerce application AP program) 51, the single sign-in application program
(single sign-in AP program) 52, and other application programs which the central
processing unit 12 executes.

[0076]The OS program 48 consists of the system resource supervisory control program 53,
the program exclusive control program 54, the communications program 55 between
programs, and other programs for executing various kinds of application programs on the
user terminal.

[0077]The system resource supervisory control program 53 is first read into the system
memory 13 according to powering on to the user terminal 3, etc., and is executed by the
central processing unit 12. The central processing unit 12 (equivalent to the system
resource supervisor control means 56 in drawing 6) which executes the system resource
supervisory control program 53 mainly manages interruptions from the timer 14 and the
peripheral equipment devices 20, 21, 22, 23, and 2, and inputs and outputs data and
commands to and from the timer 14 and the peripheral equipment devices 20, 21, 22, 23,
and 2.

[0078]In particular, when accessing the card type information storage medium 1, the
central processing unit 12 that executes the system resource supervisory control program
53 establishes a session with the card type information storage medium 1 each time,
transmits the command to the card type information storage medium 1 over that session,
and receives the response data from the card type information storage medium 1. After
receiving the response concerned, the central processing unit 12 which executes the
system resource supervisory control program 53 releases the above-mentioned session. By
establishing and releasing a session for each access to the card type information storage
medium 1 in this way, two or more application programs (AP programs) can individually and
directly access the one card type information storage medium 1.

[0079]The command transmission procedure for such a card type information storage
medium 1 is now being unified in data-communications standards (protocols) such as
ISO 7816-3.

[0080]The program exclusive control program 54 is first read into the system memory 13
according to powering on to the user terminal 3, etc., and is executed by the central
processing unit 12. The central processing unit 12 which executes the program exclusive
control program 54 reads a predetermined program into the system memory 13 according to
the above-mentioned interruption etc., and mainly manages, by time-sharing etc., the
execution schedule among the two or more programs read into the system memory 13, so
that the central processing unit 12 executes each program.

[0081]The system resource supervisory control program 53 and the program exclusive
control program 54 are scheduled so that they are executed periodically by the central
processing unit 12.

[0082]The communications program 55 between programs is a program which controls the
delivery of data and commands between two or more programs; it is executed by the
central processing unit 12 when data or a command is outputted from a certain program.

[0083]Communication application AP program 49 is provided with the User Information
acquisition program 57 and the User Information tag number list 58, is read into the
system memory 13 according to the interruption request from the input device 20, etc.,
and is executed by the central processing unit 12. The central processing unit 12 which
executes this communication application AP program 49 establishes the virtual
connection of a predetermined zone on the network 4 using the communication device 21.

[0084]The User Information tag number list 58 is a list which matches each User
Information with its [EF] tag number, for all the User Information used by communication
application AP program 49.

[0085]At the time of the login attestation to the network 4 or the databases 5 and 6,
etc., the User Information acquisition program 57 is read into the system memory 13 as
appropriate along with execution of communication application AP program 49, and is
executed by the central processing unit 12. The central processing unit 12 (equivalent
to the User Information acquisition means 59 in drawing 6) which executes the User
Information acquisition program 57 acquires, from the User Information tag number list
58, the [EF] tag number corresponding to the User Information needed by communication
application AP program 49, and delivers the common read access command which specifies
this [EF] tag number to single sign-in AP program 52 by communication between programs.

[0086]Client application AP program 50 is a program for performing various kinds of
data processing using the data on the databases 5 and 6, etc.; it is read into the
system memory 13 according to the interruption request from the input device 20, etc.,
and is executed by the central processing unit 12. Electronic commerce application AP
program 51 is a program for receiving various kinds of goods and services offered for
sale on the network 4 using electronic money (electronic tokens); it is read into the
system memory 13 according to the interruption request from the input device 20, etc.,
and is executed by the central processing unit 12. These application AP programs 50 and
51 also have the User Information acquisition program 57, which acquires various kinds
of User Information from the card type information storage medium 1, and the User
Information tag number list 58, which stores the [EF] tag numbers that this User
Information acquisition program 57 uses to acquire each User Information; using these,
predetermined User Information is read from the card type information storage medium 1
as appropriate and used.

[0087]The [EF] tag number of each User Information registered in each User Information
tag number list 58 is a number which is mutually different for every User Information,
as mentioned above, and is a number set in common across two or more users for every
kind of User Information. It does not matter at all whether the same User Information is
used in two or more application AP programs or is used multiple times in the same
application AP program.

[0088]Single sign-in AP program 52 is read into the system memory 13 when it receives
acquisition requests for User Information (the common read access command etc. which
specifies the above-mentioned [EF] tag number) from the above-mentioned application AP
programs 49, 50, and 51, and is executed by the central processing unit 12. In order to
enable use of the above-mentioned application AP programs 49, 50, and 51 with one
password input by a user, this single sign-in AP program 52 has the common command
exclusive control program 60, the common command conversion program 61, the password
cache program 62, the card insert-and-remove monitoring program 63, the card kind
discrimination program 64, the card identity number tag number data 65, the single
sign-in tag number data 66, the card identity number list 67 classified by standard, the
command correspondence table (correspondence table) 68, etc.

[0089]The card identity number list 67 classified by standard is used to judge the kind
of card type information storage medium 1 and the standard of the commands according to
standard which can be executed with the card type information storage medium 1; it is a
list which matches the kind concerned and the standard concerned to each card identity
number provided from each card vendor. Based on the card identity number, it can thereby
be judged from which vendor the card type information storage medium 1 inserted in the
card reading device 2 was supplied.

[0090]The card identity number tag number data 65 is data of the [EF] tag number matched
with the above-mentioned card identity number. This card identity number tag number is a
single predetermined number within the service concerned, irrespective of the card
vendor, the above-mentioned kind, the standard, etc.

[0091]The single sign-in tag number data 66 is data of the [EF] tag number which the
vendor or company providing these services specifies in order to carry out attestation
per unit of the application AP programs 49, 50, and 51 or per unit of the user terminal
3.

[0092]The command correspondence table 68 is a table which matched the command 
according to standard in each standard to each common command. Thereby, if the 
standard of the card type information storage medium 1 can be specified, the command 
according to standard which should transmit to the card type information storage medium 
1 concerned based on a common command can be specified. 

[0093]The card insert-and-remove monitoring program 63 is read into the system memory 13
at the time of starting of single sign-in AP program 52, and after that is executed
periodically by the central processing unit 12 as a thread, in response to a timer
interrupt. The central processing unit 12 (equivalent to the card insert-and-remove
monitor means 69 as a judging means in drawing 6) which executes the card
insert-and-remove monitoring program 63 periodically monitors, for example, the card
insertion detection flag in the card reading device 2, and when insertion of the card
type information storage medium 1 is first detected, outputs the starting information to
the card kind discrimination program 64.

[0094]When the card type information storage medium 1 is removed, a notice of a stop
(call-back) is sent to all the programs 60, 61, 62, 63, and 64 which constitute single
sign-in AP program 52 and to all the application AP programs registered in the execution
AP list 75 (refer to drawing 6) mentioned later, and all the data which single sign-in
AP program 52 stored in the system memory 13 and the data storage part 16 is erased.

[0095]Thereby, execution of two or more application AP programs can be stopped in
response to removal of the card type information storage medium 1 without wastefully
consuming the system memory 13 in duplicate, as would happen if, for example, two or
more User Information acquisition programs 57, ..., 57 each individually monitored the
insertion and removal of the card type information storage medium 1.

[0096]The card kind discrimination program 64 is read into the system memory 13
according to the starting information from the card insert-and-remove monitoring program
63, and is executed by the central processing unit 12. The central processing unit 12
(equivalent to the card kind judging means 70 as a judging means in drawing 6) which
executes the card kind discrimination program 64 specifies the card identity number tag
number data 65 and performs read access to the card type information storage medium 1,
compares the card identity number thus acquired with the card identity number list 67
classified by standard, and judges the kind and standard of the card type information
storage medium 1 inserted in the card reading device 2. The decision result is stored in
the data storage part 16 as the card type data 71 (refer to drawing 6).




[0097]The common command conversion program 61 is read into the system memory 13 when a
common command is outputted from the User Information acquisition program 57, and is
executed by the central processing unit 12. The central processing unit 12 (equivalent
to the common command conversion method 72 as a User Information reading means in the
figure) which executes the common command conversion program 61 judges, using the card
type data 71, the standard into which the common command should be changed, and
generates (extracts) the predetermined command according to standard from the command
correspondence table 68 using this standard and the common command. In some cases the
command according to standard extracted from the command correspondence table 68 as a
result of this processing consists of two or more commands according to standard
arranged in a predetermined order.

[0098]The central processing unit 12 which executes the common command conversion
program 61 transmits the command according to standard extracted above to the system
resource supervisory control program 53 by communication between programs, and has this
system resource supervisory control program 53 transmit it to the central processing
unit 24 of the card type information storage medium 1. The central processing unit 12
which executes the common command conversion program 61 also notifies each User
Information received from the system resource supervisory control program 53 to the
predetermined application AP programs 49, 50, and 51.

[0099]The common command exclusive control program 60 is read into the system memory 13
with the common command conversion program 61, and is executed by the central processing
unit 12. The central processing unit 12 (equivalent to the common command exclusive
control means 73 as a demand exclusive control means in drawing 6) which executes the
common command exclusive control program 60 places the common commands from two or more
User Information acquisition programs 57, ..., 57 in the common command FIFO 74 and
stores it in the data storage part 16. It executes the common command inputted first,
and when execution of the common command concerned is completed, it executes the
following common command, exclusively and one by one.

[0100]The central processing unit 12 which executes this common command exclusive
control program 60 also stores in the data storage part 16, as the execution AP list 75,
the list of all the application AP programs 49, 50, and 51 from which a common command
has been received and which have not ended.

[0101]The password cache program 62 is read into the system memory 13 at the first
execution of the common command conversion program 61 or the common command exclusive
control program 60, based on the cached password 76 (refer to drawing 6) not being
stored in the data storage part 16, etc., and is executed by the central processing unit
12. The central processing unit 12 (equivalent to the password cache means 77 as a
password inputting means in drawing 6) which executes the password cache program 62
displays on the display device 21 a window etc. for entering the password for single
sign-in, acquires the character string etc. inputted there, and stores it in the data
storage part 16 as the cached password 76.

[0102]Here, the meaning of command interpreter processing of the above-mentioned
common command by the common command conversion program 61 using the command
correspondence table 68 is explained in detail.

[0103]In order to secure security etc., the vendor of each card type information storage
medium 1 has the reading and writing of data to the data storage part 27 controlled by a
command system original to that vendor, as mentioned above. In particular, vendors
related to security or attestation deliberately build an original command system in
order to secure high security and attestation. Therefore, conventionally, when the User
Information acquisition program 57 was developed, a program which acquires User
Information by its own procedure had to be created independently for every standard used
by the application AP program in which the program is included. That is, when one
application AP program was to run with card type information storage media 1 based on
two or more standards, as many programs for acquiring User Information had to be
developed as there were standards.

[0104]In order to avoid this problem, the command correspondence table 68 is formed in
this embodiment. In each application AP program, the User Information acquisition
program 57 outputs a common command, and the common command conversion program 61
changes this common command into the command according to standard.

[0105]Thereby, each application AP program can respond to two or more standards merely
by developing one program described with the common command, so the developer no longer
needs to be conscious at all of the standards of the two or more card type information
storage media 1 which each program is going to use, and development becomes very easy.

[0106]In this embodiment, the construction of the command correspondence table 68 itself
is also further elaborated.

[0107]If no special measure is taken when a common command is defined in this way and
command interpreter processing is carried out for it using the command correspondence
table 68, then for every common command the commands according to standard of all the
standards have to be registered independently in the command correspondence table 68,
and a command list of huge data size is needed.

[0108]However, the card type information storage medium 1, as represented by the
above-mentioned smart card, is mainly used for personal authentication or security, and
for such purposes the commands according to standard provided by each vendor in many
cases include commands that are essentially unnecessary, for example in order to access
the management domain 43 of a dedicated file mentioned above. Many of these essentially
unnecessary commands according to standard are used only as a set together with the
fundamental commands according to standard.

[0109]That is, among the commands according to standard in the card type information
storage medium 1, besides the fundamental commands according to standard which are
originally needed in order to access data (commands according to standard available in
common in two or more standards), there exist special commands according to standard
original to each standard (commands according to standard which can be used only in a
specific standard).

[0110]This embodiment focuses on this peculiarity of the commands according to standard
in such a card type information storage medium 1. Only the fundamental commands
according to standard are made to correspond directly to each common command in a basic
command list, and the special commands according to standard original to each standard
are held as an addition command set which is added to the basic command list concerned
as appropriate based on type-of-card data; together these form the command
correspondence table 68. The type-of-card data is used to judge whether or not to
generate a command according to standard to which the special command according to
standard original to the standard has been added.

[0111]Thereby, the command correspondence table 68 can be described with a smaller total
data volume than a command correspondence table which provides, for every command
according to standard, both a command list which includes the special command according
to standard and a command list which does not contain it. As a result, facilitating
development of the User Information acquisition program 57 and reducing the data volume
of the command correspondence table 68 can both be achieved.
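
One way the command correspondence table of paragraphs [0104] to [0111] can be laid out, as an added Python example that is not the patent's own code: a basic command list plus per-standard addition command sets, selected by card type data derived from the card identity number. Every command name, standard name and card identity number below is hypothetical, as is the second common command used to make the size comparison meaningful.

```python
# Common commands issued by the User Information acquisition program (hypothetical names).
READ_USER_INFO = "COMMON_READ_USER_INFO"
WRITE_USER_INFO = "COMMON_WRITE_USER_INFO"

# Card identity number list classified by standard (constructed identity numbers).
CARD_IDENTITY_LIST = {
    "ID-A-0001": "standard_a",
    "ID-B-0001": "standard_b",
    "ID-C-0001": "standard_c",
}

# Basic command list: each common command maps directly to the fundamental
# commands according to standard that are shared by all the standards.
BASIC_COMMAND_LIST = {
    READ_USER_INFO: ["SELECT_AREA", "VERIFY_PASSWORD", "SELECT_FILE",
                     "READ_DATA", "SEND_DATA"],
    WRITE_USER_INFO: ["SELECT_AREA", "VERIFY_PASSWORD", "SELECT_FILE",
                      "WRITE_DATA"],
}

# Addition command sets: special commands original to one standard, with the
# position at which each is spliced into the basic sequence.
ADDITIONAL_COMMAND_SETS = {
    "standard_a": {},
    "standard_b": {
        READ_USER_INFO: [("before", "VERIFY_PASSWORD", "B_OPEN_SESSION_KEY")],
        WRITE_USER_INFO: [("before", "VERIFY_PASSWORD", "B_OPEN_SESSION_KEY")],
    },
    "standard_c": {
        READ_USER_INFO: [("after", "READ_DATA", "C_RELEASE_FILE")],
    },
}


def judge_card_type(card_identity_number):
    """Derive the card type data; an unknown card is rejected, never guessed."""
    try:
        return CARD_IDENTITY_LIST[card_identity_number]
    except KeyError:
        raise ValueError("unknown card identity number") from None


def convert(common_command, card_type):
    """Translate one common command into the ordered commands for one standard."""
    if common_command not in BASIC_COMMAND_LIST:
        raise ValueError("unknown common command")
    if card_type not in ADDITIONAL_COMMAND_SETS:
        raise ValueError("unknown card type")
    sequence = list(BASIC_COMMAND_LIST[common_command])  # copy, never mutate the table
    for position, anchor, special in ADDITIONAL_COMMAND_SETS[card_type].get(common_command, []):
        index = sequence.index(anchor)
        sequence.insert(index if position == "before" else index + 1, special)
    return sequence


def table_sizes():
    """Return (entries in a flat per-standard table, entries in basic + additions)."""
    flat = sum(len(convert(command, standard))
               for standard in ADDITIONAL_COMMAND_SETS
               for command in BASIC_COMMAND_LIST)
    compact = sum(len(steps) for steps in BASIC_COMMAND_LIST.values())
    compact += sum(len(additions)
                   for per_standard in ADDITIONAL_COMMAND_SETS.values()
                   for additions in per_standard.values())
    return flat, compact


if __name__ == "__main__":
    print(convert(READ_USER_INFO, judge_card_type("ID-B-0001")))
    print(table_sizes())
```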

[0112]Next, operation of such a user's use control system is explained.

[0113]When the power supply of the user terminal 3 is switched on, the central
processing unit 12 checks that the system memory 13 etc. are normal, then reads into the
system memory 13 the OS program 48 stored in the program store part 15 and executes it.
Thereby, the various kinds of peripheral devices 20, 21, 22, 23, and 2 come under the
management of the central processing unit 12.

[0114]After the above-mentioned initial setting, the system resource supervisory control
program 53 and the program exclusive control program 54 of this OS program 48 are
executed periodically, at every interruption from the timer 14 or at every predetermined
time. Thereby, the central processing unit 12 can execute various kinds of application
programs by time-sharing while managing the interruption requests from the peripheral
devices 20, 21, 22, 23, and 2, the data input/output to the peripheral devices 20, 21,
22, 23, and 2, etc.

[0115]After initial setting of the user terminal 3 by such an OS program 48 is made, if,
for example, the starting request for communication application AP program 49 is first
inputted into the central processing unit 12 according to the user's operation of the
input device 20 etc., the central processing unit 12 reads application AP program 49
concerned into the system memory 13 from the program store part 15 and executes it.

[0116]In this communication application AP program 49, the User Information acquisition
program 57 is started in order to acquire network login information and database login
information from the card type information storage medium 1.

[0117]The central processing unit 12 which executes this User Information acquisition
program 57 searches the User Information tag number list 58, acquires the [EF] tag
number corresponding to the above-mentioned network login information or database login
information, and delivers the common user information read-out command for reading the
User Information corresponding to this [EF] tag number to the common command exclusive
control program 60 by the notice between programs.

[0118]The central processing unit 12 which executes the common command exclusive
control program 60 delivers the above-mentioned common user information read-out
command to the common command conversion program 61 while registering
communication application AP program 49 concerned into the execution AP list 75.

[0119]The password cache program 62 is executed by the central processing unit 12, and
as a result the character string which the user inputted using the input device 20 etc.
is stored in the data storage part 16 as the cached password 76. It is more desirable to
encipher the above-mentioned character string when storing it in this data storage part
16.

[0120]The central processing unit 12 which executes the common command conversion
program 61 generates, using the card type data 71 and the command correspondence table
68, the command according to standard for ordering the central processing unit 24 of the
card type information storage medium 1 to perform processing equivalent to the
above-mentioned common user information read-out command, and delivers it to the system
resource supervisory control program 53.

[0121]The command according to standard generated here consists of, for example: an area
selection command which makes the central processing unit 24 choose the management
domain 43 of the dedicated file, using the single sign-in tag number data 66; a
collation command according to standard for making the central processing unit 24
compare the password of the dedicated file 46 of the management domain 43 concerned with
the cached password 76; a file selection command according to standard which makes the
central processing unit 24 choose the elementary file 47 which stores the
above-mentioned [EF] tag number; a read-out command according to standard which makes
data be read from the data field of the selected elementary file 47; and a transmitting
command according to standard for making the read data concerned be transmitted.

[0122]The central processing unit 12 which executes the system resource supervisory
control program 53 establishes a session, via the path from the system bus 18 to the
card I/F part 30 and based on a PC/SC protocol etc., with the central processing unit 24
of the card type information storage medium 1 which executes the data input/output
control program 31, and transmits each command according to standard. The central
processing unit 24 of the card type information storage medium 1 executes the standard
command execution program 32 when it receives each command according to standard.

[0123]The central processing unit 24 of the card type information storage medium 1
receives all of the above commands according to standard and executes them sequentially
in the order of reception. Thereby, the card type information storage medium 1 performs
the processing with the suitable commands according to standard for its own standard,
and the central processing unit 12 of the user terminal 3 can acquire from the card type
information storage medium 1, irrespective of the kind of card type information storage
medium 1, the network login information and database login information which were
matched with the [EF] tag number.

[0124]User Information acquired from the card type information storage medium 1 is
passed from the central processing unit 12 which operates based on the common command
conversion program 61 to the User Information acquisition program 57 of communication
application AP program 49. The central processing unit 12 which executes communication
application AP program 49 can then establish the virtual connection to the intranets 9
and 11 by transmitting network login information from the communication device 21, or
can write the data on the databases 5 and 6 by transmitting database login information
from the communication device 21.

[0125]Thus, after communication application AP program 49 has accessed the card type
information storage medium 1, when client application AP program 50 acquires client
login information using the User Information acquisition program 57, the password for
single sign-in is already stored in the data storage part 16 as the cached password 76,
so the password cache program 62 is not started.

[0126]Similarly, when electronic commerce application AP program 51 acquires
electronic money information using the User Information acquisition program 57, the
password for single sign-in is already stored in the data storage part 16 as the cached
password 76, so the password cache program 62 is not started.

[0127]If a new common command is received while the common command conversion program
61 is operating, the central processing unit 12 which executes the common command
exclusive control program 60 stores this common command in the common command FIFO 74 in
order, and when execution of the common command inputted previously is completed, it
delivers the following common command to the common command conversion program 61, one
by one.

[0128]Thus, User Information used by two or more application AP programs 49, 50, and 51
is stored in the management domain 43 of the dedicated file managed with one password,
and the password which the user entered is cached in the data storage part 16 until the
use ends, so that once a password is entered the user can use these application AP
programs 49, 50, and 51. Thereby, single sign-in service can be provided to a user.
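
The single sign-in behavior of paragraphs [0094], [0099] to [0101] and [0125] to [0128], as an added Python example that is not the patent's own code: requests from several application programs are serialized through a FIFO, the password is prompted for once and cached, and card removal stops the applications and erases the cache. The class, function and application names, the card stub and all values are hypothetical; dropping the cache after a rejected password is an added assumption the page does not state.

```python
from collections import deque


def make_constructed_card(password, files):
    """Stand-in for the card: releases a file's data only for the right password."""
    def read(candidate, ef_tag):
        if candidate != password:
            raise PermissionError("password mismatch")
        return files[ef_tag]
    return read


class SingleSignInBroker:
    def __init__(self, card_read, prompt):
        self._card_read = card_read     # callable(password, ef_tag) -> User Information
        self._prompt = prompt           # callable() -> password typed by the user
        self._fifo = deque()            # plays the role of the common command FIFO 74
        self._execution_list = {}       # execution AP list 75: app name -> stop call-back
        self._cached_password = None    # cached password 76
        self.prompt_count = 0

    def request(self, app_name, ef_tag, on_stop):
        """Queue one read request and register the requesting application."""
        self._execution_list[app_name] = on_stop
        self._fifo.append((app_name, ef_tag))

    def run_pending(self):
        """Execute queued requests strictly one at a time, oldest first."""
        results = []
        while self._fifo:
            app_name, ef_tag = self._fifo.popleft()
            if self._cached_password is None:   # prompt only when nothing is cached
                self._cached_password = bytearray(self._prompt())
                self.prompt_count += 1
            try:
                data = self._card_read(bytes(self._cached_password), ef_tag)
            except PermissionError:
                self._erase_password()          # assumption: never keep a rejected password
                raise
            results.append((app_name, data))
        return results

    def _erase_password(self):
        # Best-effort overwrite of the mutable buffer before dropping the reference.
        if self._cached_password is not None:
            for i in range(len(self._cached_password)):
                self._cached_password[i] = 0
        self._cached_password = None

    def card_removed(self):
        """On card removal: notify every registered application, then erase all state."""
        for on_stop in self._execution_list.values():
            on_stop()
        self._execution_list.clear()
        self._fifo.clear()
        self._erase_password()

    def has_cached_password(self):
        return self._cached_password is not None


def demo():
    """Three applications read in turn; returns what happened for inspection."""
    stopped, results = [], []
    card = make_constructed_card(
        b"sso-pass", {0x11: b"net-login", 0x12: b"client-login", 0x13: b"e-money"})
    broker = SingleSignInBroker(card, prompt=lambda: b"sso-pass")
    for app, tag in [("communication", 0x11), ("client", 0x12), ("e-commerce", 0x13)]:
        broker.request(app, tag, on_stop=lambda app=app: stopped.append(app))
        results.extend(broker.run_pending())
    broker.card_removed()
    return results, broker.prompt_count, stopped, broker.has_cached_password()


if __name__ == "__main__":
    print(demo())
```

The cached password is only as safe as the terminal memory holding it, which is why the page recommends enciphering it in storage and erasing it when the card is removed.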

[0129]If access to the card type information storage medium 1 by the above two or more
application AP programs 49, 50, and 51 is summarized, it becomes the concept shown in
drawing 6. The User Information read-out demand from each application AP program is
transmitted to the lower means in order from the means in the upper part of the figure,
and the response of User Information to it is transmitted to the upper means in order
from the means at the bottom of the figure.

[0130]Although the above embodiment is a suitable embodiment of this invention, various
changes are possible within a range which does not deviate from the gist of this
invention. For example, although the above-mentioned embodiment described the case where
the user terminal 3 is one which a user uses directly, the invention can also be used
suitably in, for example, a user terminal used by a salesclerk who processes payment by
a credit card, a prepaid card, an automatic-accounts-transfer card, electronic money,
etc., or a user terminal provided at the entrance to a building, etc. for managing
receipts and payments of the user to the building concerned, etc.

[0131] In this embodiment, the management domains 43 of dedicated files provided in the 
card type information storage medium 1 are formed in the same number as the user 
terminals 3 into which the storage medium 1 concerned is inserted and from which it is 
removed, so that single sign-in can be performed in all the user terminals 3. However, 
User Information used in, for example, an application AP program which accesses highly 
confidential data may be managed in the management domain 43 of a dedicated file 
different from that of the other application AP programs used on the same user 
terminal 3, and a password may be made to be entered separately for it. In this case, 
the number of the management domains 43 of dedicated files provided in the card type 
information storage medium 1 becomes larger than the number of the user terminals 3 
into which it is inserted and from which it is removed. Conversely, needless to say, it 
may be set up so that the management domain 43 of one dedicated file is used in two or 
more user terminals 3. 
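
The arrangement of paragraph [0131], modelled as an added example that is not part of the original specification: one password entry is cached per management domain until use ends, and an application assigned to a separate domain prompts separately. The class names, domain names, passwords and the assumption that the card checks the password on every read are constructed for illustration.

```python
import hmac

class Card:
    """Constructed stand-in for the card type information storage medium 1."""
    def __init__(self, domains):
        # {domain: (password, {application: User Information})}, all values constructed
        self._domains = domains

    def read(self, domain, password, app):
        stored, records = self._domains[domain]
        # Constant-time comparison so timing does not leak password prefixes.
        if not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("wrong password for " + domain)
        return records[app]

class UseControl:
    """Hypothetical model of the user's use control program 57."""
    def __init__(self, card, app_domain, ask_password):
        self._card, self._app_domain, self._ask = card, app_domain, ask_password
        self._cache = {}    # plays the role of the data storage part 16
        self.prompts = []   # domains for which the user had to type a password

    def user_information(self, app):
        domain = self._app_domain[app]
        if domain in self._cache:
            return self._card.read(domain, self._cache[domain], app)
        self.prompts.append(domain)
        password = self._ask(domain)
        info = self._card.read(domain, password, app)  # raises if rejected
        self._cache[domain] = password  # cached only after the card accepted it
        return info

    def end_use(self):
        self._cache.clear()  # nothing stays cached once use ends

def demo():
    card = Card({
        "DF-general": ("pw-general", {"AP49": "alice/mail", "AP50": "alice/files"}),
        "DF-confidential": ("pw-secret", {"AP51": "alice/hr-db"}),
    })
    typed = {"DF-general": "pw-general", "DF-confidential": "pw-secret"}
    domains = {"AP49": "DF-general", "AP50": "DF-general", "AP51": "DF-confidential"}
    uc = UseControl(card, domains, typed.__getitem__)
    results = [uc.user_information(a) for a in ("AP49", "AP50", "AP51", "AP49")]
    prompts_in_session = list(uc.prompts)
    uc.end_use()
    uc.user_information("AP50")  # new session: password must be typed again
    return results, prompts_in_session, uc.prompts
```

In the constructed session, AP49 and AP50 share one prompt, AP51 triggers a second prompt for its own domain, and a rejected password is never written to the cache.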

[0132]In this embodiment, the user's use control program 57 is started at the time of 
starting of the first application AP program 49, and the password for accessing the 
management domain 43 of the dedicated file used with the user terminal 3 concerned is 
made to be entered at this timing; however, the password concerned may instead be made 
to be entered at the time of starting of the OS program 48. In this case, it becomes 
single sign-in service for every user terminal 3 instead of single sign-in service to 
two or more application AP programs 49, 50, and 51. 

[0133] Although this embodiment explained the card type information storage medium 1 
as an example of a portable information storage medium, a portable telephone terminal 
incorporating an SPOM (self-programmable one-chip microcomputer) type IC chip etc. 
standardized in ISO 7816, other small removable memory devices, etc. can be used 
similarly. 

[0134] 

[Effect of the Invention]According to this invention, even though User Information is 
stored in a portable information storage medium, a program using the User Information 
concerned can read desired User Information from the portable information storage 
medium without being conscious of the kind and standard of the portable information 
storage medium concerned, and by this, a user's use control system, a user's use 
control method, and a user's use control program which pursue the convenience of the 
user and the program developer can be obtained. 







